One of the lesser known but still important obligations that non-EU-based organizations face under the EU General Data Protection Regulation (GDPR) is found in Article 27, which is aptly titled ‘Representatives of controllers or processors not established in the Union.’ Organisations that process EU residents' data, but that are established outside of the EU, must formally appoint a representative in the European Union to represent them on data protection matters.
ARE YOU PROCESSING PERSONAL DATA CONNECTED TO:?
(A) THE OFFERING OF GOODS OR SERVICES, REGARDLESS OF WHETHER PAYMENT IS REQUIRED, TO PERSONS IN THE EU; OR
(B) THE MONITORING OF SUCH PERSON'S BEHAVIOUR, IF THAT BEHAVIOUR, TAKES PLACE IN THE EU?
YES - GDPR applies to your business. The GDPR carries a number of consequences over and above the need to have an appointed Data Protection Representative in the EU.
Article 27 of the General Data Protection Regulation requires that you appoint a representative in the EU as your point of contact for clients, customers and authorities regarding privacy matters.
If you have clients and customers in the EU, and if you want to comply with the law, then this is not optional.
We'll be your representative in the European Union.
What happens should you not comply with the law?
The penalties for failure to comply with GDPR are HUGE. There are Administrative Fines of up to €20 million or 4% of global turnover whichever is the highest. In some jurisdictions of the EU, personal criminal liability will attach to persons such as managers, or company directors or other company offices. This can be a personal liability both for criminal fines and for imprisonment, as well as the corporate liability for the administrative fines set out above. Both the Administrative Fines and the personal criminal liability referred to above can be enforced throughout the EU, not just in the country that the Administrative Fine or personal criminal liability is imposed. We do not anticipate a rash of European Arrest Warrants greeting visitors at their arrival to an EU airport, but it is definitely an unwelcome possibility in any given case.
Where are we based?
We're based in Ireland. After BREXIT, Ireland will be the only English speaking member of the EU.
Are there fees?
Yes representation here in the EU can start from as little as just €19 per month. There is a once off sign-up fee of €99.
We are data protection experts, lawyers and business professionals. We understand exactly what you require.
What do we do? Get started here
How can your company designate EU REP as its GDPR representative in the EU.
Make the payment.
Upload EU Rep contact details to your website and download our helpful privacy materials for your guidance.